Method and device for encryption and decryption

ABSTRACT

An encryption and decryption method applied upon transmitting a plaintext in a communication network containing plural subscriber ends is provided. The method includes steps of: picking a synchronization variation secret key from a first subscriber end, the value of the synchronization variation secret key synchronously varying at the subscriber ends; executing a first operation on the synchronization variation secret key by the first subscriber end to obtain an automatically changed secret key; utilizing the automatically changed secret key to process a subsequent encryption to the plaintext by the first subscriber end so as to obtain a ciphertext to be transmitted to a second subscriber end; receiving the ciphertext and picking the synchronization variation secret key by the second subscriber end to execute the first operation and obtain the automatically changed secret key; and utilizing the automatically changed secret key to process a subsequent decryption to the ciphertext by the second subscriber end so as to obtain the plaintext.

FIELD OF THE INVENTION

This invention relates to a method and device for encryption anddecryption, and more particularly to be applied upon transmitting aplaintext in a communication network containing plural subscriber ends.

BACKGROUND OF THE INVENTION

Because the utilization of the Internet is raised more and more infamilies and enterprises, the situation of sharing resources by a localarea network (LAN) constituted by plural personal computers 11 through aswitch 10 becomes more and more popular. For reducing the troubleoccurred upon the wiring construction in building up a network, thewireless network device seems to be a better way to solve this problem(please refer to FIG. I showing the relevant schematical view). Amongthese, the 802.11 is a standard appointed by the IEEE in 1997 and usedin common for the wireless network. For solving the problem about thesignals being intercepted to then cause the plaintext to be tapped whenbeing transmitted wirelessly, the 802.11 appoints the wired equivalentprivacy (WEEP) as the mode for encryption. Please refer to FIG. 2 whichis a block diagram showing the function of the WEP encryption mode. Thesystem manager has to appoint a set of secret keys having the length of40 bits in advance, and then when some subscriber end wants to transmita plaintext through the wireless network, the system manager will readthe preset secret key, add a random produced initialization vector (IV)having a length of 24 bits to constitute a 64 bits WEP seed, and thenexecute WEP encryption algorithm to produce a key sequence.Additionally, after the plaintext is executed by an integrity checkalgorithm in an integrity check operator 21, an integrity check value(ICV) is produced to be attached to the plaintext. Thus, when thetransmission end wants to process the plaintext transmission, anexclusive OR (XOR) operator 22 will execute an XOR operation for the keysequence and the plaintext containing the ICV to produce a ciphertext.As to the random produced IV, it is attached to the ciphertext withoutencryption, and the IV and the ciphertext are transmitted altogether tothe receiving end. After receiving the signal, the receiving endoperates the prestored known 40 bits secret key with the received IV toproduce the same key sequence, so as to decrypt the ciphertext forobtaining the plaintext.

In the method described above, because all the IV, WEP encryptionalgorithm, and the XOR operation are public informations, the variationof the IV is limited, and the executive program of high level networkprotocol is fixed, the secret key can be easily decrypted by theeavesdropper under sufficient time and database. For avoiding thedecryption of the secret key, the system manager has to change the usersecret keys all the time. Consequently, the burden of the system manageris cumulated more and more, and actually this ideal is also hard to beachieved. Thus, it is therefore tried by the present application to dealwith this situation.

SUMMARY OF THE INVENTION

It is an object of the present invention to provide a method and devicefor encryption and decryption and being applied upon transmitting aplaintext in a communication network containing plural subscriber ends.

It is another object of the present invention to provide a method forthe system manager to automatically change the secret key at periodictime points.

It is another further object of the present invention to provide asolution for solving the problem about the plaintext being tapped easilywhen transmitted through the wireless network.

The present invention provides an encryption and decryption methodapplied upon transmitting a plaintext in a communication networkcontaining plural subscriber ends, which comprises steps of: picking asynchronization variation secret key from a first subscriber end, thesynchronization variation secret key having a value synchronouslyvarying at the subscriber ends; executing a first operation on thesynchronization variation secret key by the first subscriber end toobtain an automatically changed secret key; utilizing the automaticallychanged secret key to process a subsequent encryption to the plaintextby the first subscriber end so as to obtain a ciphertext to betransmitted to a second subscriber end; receiving the ciphertext andpicking the synchronization variation secret key by the secondsubscriber end to execute the first operation and obtain theautomatically changed secret key; and utilizing the automaticallychanged secret key to process a subsequent decryption to the ciphertextby the second subscriber end so as to obtain the plaintext.

Preferably, the communication network is a wireless communicationnetwork.

Preferably, the synchronization variation secret key is a count valueproduced by a timing synchronization function timer (TSFT) of each thesubscriber end at a fixed periodic initial point.

Preferably, the first operation comprises steps of: picking an initialsecret key prestored in the first subscriber end; and operating thesynchronization variation secret key and the initial secret key by awired equivalent privacy (WEP) encryption algorithm to obtain theautomatically changed secret key.

Preferably, the subsequent encryption comprises steps of: providing arandom produced initialization vector; executing a second operation forthe initialization vector and the automatically changed secret key toobtain a key sequence; and executing an exclusive OR (XOR) operationwith the key sequence for the plaintext attached with an integrity checkvalue (ICV) and adding the initialization vector thereto for obtainingthe ciphertext.

Preferably, the integrity check value (ICV) is produced by operating theplaintext through an integrity check algorithm.

Preferably, the integrity check algorithm proceeds a cyclic redundancycheck 32 (CRC 32) operation.

Preferably, the second operation is completed by a wired equivalentprivacy (WEP) encrypted algorithm. WEP uses the RC4 PRNG algorithm.

Preferably, the subsequent decryption comprises steps of: obtaining theinitialization vector from the ciphertext; executing the secondoperation for the initialization vector and the automatically changedsecret key to obtain a key sequence; and executing an exclusive OR (XOR)operation with the key sequence for the ciphertext without theinitialization vector to obtain the plaintext attached with theintegrity check value (ICV).

In accordance with another aspect of the present invention, anencryption and decryption device applied upon transmitting a plaintextin a communication network containing a first subscriber end and asecond subscriber end, which comprises: a first synchronizationvariation secret key generator mounted in the first subscriber end forproducing a synchronization variation secret key; a first secret keyoperator electrically connected to the first synchronization variationgenerator for executing a first operation on the synchronizationvariation secret key produced by the first synchronization variationsecret key generator to obtain an automatically changed secret key; anencryption operator electrically connected to the first secret keyoperator for utilizing the automatically changed secret key to process asubsequent encryption to the plaintext so as to obtain a ciphertext tobe transmitted to a second subscriber end; a second synchronizationvariation secret key generator mounted in the second subscriber end forproducing the synchronization variation secret key synchronously withthe first synchronization variation secret key generator; a secondsecret key operator electrically connected to the second synchronizationvariation secret key generator for picking the synchronization variationsecret key produced by the second synchronization variation secret keygenerator to be executed by the first operation to obtain theautomatically changed secret key; and a decryption operator electricallyconnected to the second secret key operator for utilizing theautomatically changed secret key to process a subsequent decryption tothe ciphertext to obtain the plaintext.

Preferably, the communication network is a wireless communicationnetwork.

Preferably, the first synchronization variation secret key generator isa timing synchronization function timer (TSFT) and the synchronizationvariation secret key is a count value produced by the firstsynchronization variation secret key generator at a fixed periodicinitial point.

Preferably, the first operation executed by the first secret keyoperator comprises steps of: picking an initial secret key prestored inthe first subscriber end; and operating the synchronization variationsecret key and the initial secret key by a wired equivalent privacy(WEP) encryption algorithm to obtain the automatically changed secretkey.

Preferably, the encryption operator comprises: a key sequence operatorfor executing a second operation for a random initialization vector andthe automatically changed secret key to obtain a key sequence; and anexclusive OR (XOR) operator for utilizing the key sequence to execute anXOR operation for the plaintext attached with an integrity check valueand adding the initialization vector to obtain the ciphertext.

Preferably, the integrity check value is produced by executing anintegrity check algorithm with the plaintext through an integrity checkoperator.

Preferably, the integrity check algorithm proceeds a cyclic redundancycheck 32 (CRC 32) operation.

Preferably, the key sequence operator is completed by a wired equivalentprivacy (WEP) encryption algorithm. WEP uses the RC4 PRNG algorithm.

Preferably, the decryption device comprises: a key sequence operator forobtaining the initialization vector through the ciphertext and executingthe second operation for the initialization vector and the automaticallyvariation secret key to obtain the key sequence; and an exclusive OR(XOR) operator for utilizing the key sequence to execute an XORoperation for the ciphertext without the initialization vector to obtainthe plaintext attached with the integrity check value.

The above objects and advantages of the present invention will becomemore readily apparent to those ordinarily skilled in the art afterreviewing the following detailed descriptions and accompanying drawings,in which:

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a framework diagram showing the wireless network apparatus inthe prior art;

FIG. 2 is a block diagram showing the encryption function of the WEPappointed by the 802.11 in the prior art; and

FIG. 3 is a block diagram showing a preferred embodiment of anarchitecture according to the present application.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

Please refer to FIG. 3 showing the block diagram of a preferredembodiment of an architecture according to the present application.Similarly, in the preferred embodiment, the system manager also need toappoint a set of initial secret keys having a length of 40 bits to beprestored in each subscriber end. When some subscriber end tries totransmit a plaintext through the wireless network, the preset initialsecret key is read out and is accompained with a synchronizationvariation secret key outputted by a timing synchronization functiontimer (TSFT) 30 to be executed by a first operation through a firstsecret key operator 301, so as to obtain an automatically changed secretkey (whose length is also 40 bits). The WEP encryption algorithm 311included in the encryption operator 31 of the subscriber end executes asecond operation for a 24 bits initialization vector randomly producedby the system and the automatically changed secret key to obtain a keysequence. At this time, an integrity check operator 32 of the subscriberend executes an integrity check algorithm with the plaintext to obtainan integrity check value (ICV), and then the ICV is attached to theplaintext. After the XOR operator 312 included in the encryptionoperator 31 executes an XOR operation for the plaintext attached by theICV and the key sequence, the IV is then also attached to obtain aciphertext to be transmitted to a receiving subscriber end.

After the receiving subscriber end receives the ciphertext, thereceiving subscriber end reads out the preset initial secret key and isaccompanied with the synchronization variation secret key outputted byits TSFT 40 to be executed by the first operation through a secondsecret key operator 401 so as to obtain the automatically changed secretkey. The WEP encryption algorithm 411 included in the decryptionoperator 41 of the receiving subscriber end executes the secondoperation for the initialization vector attached to the ciphertext andthe automatically changed secret key to obtain the key sequence.Furthermore, after executing an XOR operation for the key sequence andthe IV removed ciphertext by an XOR operator 412, the plaintext attachedwith the ICV is obtained.

Regarding the above described first and second operations executed bythe first secret key operator 301, the second secret operator 401, theWEP encryption algorithm 311, and the WEP encryption algorithm 411,these two operations can be completed by the WEP encryption algorithmoriginally provided by the standard 802.11. The integrity checkalgorithm can actually be completed by a cyclic redundancy check 32 (CRC32) operation. The main feature of the present application is to producethe synchronization variation secret key by a timing synchronizationfunction timer (TSFT) originally set in the standard 802.11 of the eachsubscriber end. Because the 802.11 regulates that the TSFT of eachsubscriber end must be counted synchronously with the system, the systemmanager only needs to preset a period for the secret key renewal andthen each subscriber end can automatically read the count valueoutputted by the TSFT at the initial time point of each fixed period asthe synchronization variation secret key. Taking one hour as an example,in every hour, each subscriber end automatically reads the count valueoutputted by the TSFT as the synchronization variation secret key.According to those described above, the action of updating the secretkey automatically and synchronously can be achieved, and moreover, theknown drawback of the secret key being decrypted easily can be overcome.Furthermore, the method according to the present application iscompatible with the 802.11 protocol, and the function for permitting thenew subscriber end to randomly enter the system can be achieved, too.

While the invention has been described in terms of what is presentlyconsidered to be the most practical and preferred embodiments, it is tobe understood that the invention needs not be limited to the disclosedembodiment. On the contrary, it is intended to cover variousmodifications and similar arrangements included within the spirit andscope of the appended claims which are to be accorded with the broadestinterpretation so as to encompass all such modifications and similarstructures.

1. An encryption and decryption method applied upon transmitting aplaintext in a communication network containing plural subscriber ends,said method comprising steps of: picking a synchronization variationsecret key from a first subscriber end, said synchronization variationsecret key having a value synchronously varying at said subscriber ends;executing a first operation on said synchronization variation secret keyby said first subscriber end to obtain an automatically changed secretkey; utilizing said automatically changed secret key to process asubsequent encryption to said plaintext by said first subscriber end soas to obtain a ciphertext to be transmitted to a second subscriber end;receiving said ciphertext and picking said synchronization variationsecret key by said second subscriber end to execute said first operationand obtain said automatically changed secret key; and utilizing saidautomatically changed secret key to process a subsequent decryption tosaid ciphertext by said second subscriber end so as to obtain saidplaintext.
 2. An encryption and decryption method according to claim 1wherein said communication network is a wireless communication network.3. An encryption and decryption method according to claim 1 wherein saidsynchronization variation secret key is a count value produced by atiming synchronization function timer (TSFT) of each said subscriber endat a fixed periodic initial point.
 4. An encryption and decryptionmethod according to claim 1 wherein said first operation comprises stepsof: picking an initial secret key prestored in said first subscriberend; and operating said synchronization variation secret key and saidinitial secret key by a wired equivalent privacy (WEP) encryptionalgorithm to obtain said automatically changed secret key.
 5. Anencryption and decryption method according to claim 1 wherein saidsubsequent encryption comprises steps of: providing a random producedinitialization vector; executing a second operation for saidinitialization vector and said automatically changed secret key toobtain a key sequence; and executing an exclusive OR (XOR) operationwith said key sequence for said plaintext attached with an integritycheck value (ICV) and adding said initialization vector thereto forobtaining said ciphertext.
 6. An encryption and decryption methodaccording to claim 5 wherein said integrity check value (ICV) isproduced by operating said plaintext through an integrity checkalgorithm.
 7. An encryption and decryption method according to claim 6wherein said integrity check algorithm proceeds a cyclic redundancycheck 32 (CRC 32) operation.
 8. An encryption and decryption methodaccording to claim 5 wherein said second operation is completed by awired equivalent privacy (WEP) encryption algorithm.
 9. An encryptionand decryption method according to claim 5 wherein said subsequentdecryption comprises steps of: obtaining said initialization vector fromsaid ciphertext; executing said second operation for said initializationvector and said automatically changed secret key to obtain a keysequence; and executing an exclusive OR (XOR) operation with said keysequence for said ciphertext without said initialization vector toobtain said plaintext attached with said integrity check value (ICV).10. An encryption and decryption device applied for transmitting aplaintext in a communication network containing a first subscriber endand a second subscriber end, said device comprising: a firstsynchronization variation secret key generator mounted in said firstsubscriber end for producing a synchronization variation secret key; afirst secret key operator electrically connected to said firstsynchronization variation generator for executing a first operation onsaid synchronization variation secret key produced by said firstsynchronization variation secret key generator to obtain anautomatically changed secret key; an encryption operator electricallyconnected to said first secret key operator for utilizing saidautomatically changed secret key to process a subsequent encryption tosaid plaintext so as to obtain a ciphertext to be transmitted to asecond subscriber end; a second synchronization variation secret keygenerator mounted in said second subscriber end for producing saidsynchronization variation secret key synchronously with said firstsynchronization variation secret key generator; a second secret keyoperator electrically connected to said second synchronization variationsecret key generator for picking said synchronization variation secretkey produced by said second synchronization variation secret keygenerator to be executed by said first operation to obtain saidautomatically changed secret key; and a decryption operator electricallyconnected to said second secret key operator for utilizing saidautomatically changed secret key to process a subsequent decryption tosaid ciphertext to obtain said plaintext.
 11. An encryption anddecryption device according to claim 10 wherein said communicationnetwork is a wireless communication network.
 12. An encryption anddecryption device according to claim 10 wherein said firstsynchronization variation secret key generator is a timingsynchronization function timer (TSFT) and said synchronization variationsecret key is a count value produced by said first synchronizationvariation secret key generator at a fixed periodic initial point.
 13. Anencryption and decryption device according to claim 10 wherein saidfirst operation executed by said first secret key operator and saidsecond secret key operator comprises steps of: picking an initial secretkey prestored in said first subscriber end; and operating saidsynchronization variation secret key and said initial secret key by awired equivalent privacy (WEP) encryption algorithm to obtain saidautomatically changed secret key.
 14. An encryption and decryptiondevice according to claim 10 wherein said encryption operator comprises:a key sequence operator for executing a second operation for a randominitialization vector and said automatically changed secret key toobtain a key sequence; and an exclusive OR (XOR) operator for utilizingsaid key sequence to execute an XOR operation for said plaintextattached with an integrity check value and adding said initializationvector to obtain said ciphertext.
 15. An encryption and decryptiondevice according to claim 14 wherein said integrity check value isproduced by executing an integrity check algorithm with said plaintextthrough an integrity check operator.
 16. An encryption and decryptiondevice according to claim 15 wherein said integrity check algorithmproceeds a cyclic redundancy check 32 (CRC 32) operation.
 17. Anencryption and decryption device according to claim 15 wherein said keysequence operator is completed by a wired equivalent privacy (WEP)encryption algorithm.
 18. An encryption and decryption device accordingto claim 15 wherein said decryption device comprises: a key sequenceoperator for obtaining said initialization vector through saidciphertext and executing said second operation for said initializationvector and said automatically variation secret key to obtain said keysequence; and an exclusive OR (XOR) operator for utilizing said keysequence to execute an XOR operation for said ciphertext without saidinitialization vector to obtain said plaintext attached with saidintegrity check value.